I am setting up a login using node.js, bcrypt, sequelize, and passport and I've followed the documentation online but for some reason the .compare function always returns false even when I know the passwords match.
In my model I added a beforeCreate hook to encrypt the password:

    beforeUpdate: function(user, options, fn) {
        encryptPassword(user, options, fn);
    }

encryptPassword function:

    encryptPassword = function(user, options, fn) {
        if (!user.changed('password'))
            return fn();
        bcrypt.hash(this.password, null, null, function(err, hash) {
            if (err) return fn(err);
            user.password = hash;
            fn();
        });
    }

My controller where I create the user:

    User
        .create({
            username: req.body.username,
            password: req.body.password
        })
        .then(function() {
            res.json({
                message: 'New beer drinker added to the locker room!'
            });
        });

That works great, the user is stored in my DB with the hashed password.
Now I try to log the user in using passport:

    passport.use(new BasicStrategy(
        function(username, password, callback) {
            User
                .find({
                    where: {
                        username: username
                    }
                })
                .then(function(user) {
                    // No user found with that username
                    if (!user) return callback(null, false);
                    // Make sure the password is correct
                    user.verifyPassword(password, function(err, isMatch) {
                        if (err) return callback(err);
                        // Password did not match
                        if (!isMatch) return callback(null, false);
                        // Success
                        return callback(null, user);
                    });
                })
                .catch(function(err) {
                    return callback(err);
                });
        }
    ));

This process calls user.verifyPassword which is an instanceMethod of my user model.

    verifyPassword: function(password, callback) {
        bcrypt.compare(password, this.password, callback);
    }

However the callback is always false regardless of if the passwords match or not. Does anyone have any ideas what I'm doing wrong? I tried to switch to bcrypt but I couldn't get it to install because node-gyp rebuild always fails complaining it can't find the env variable for python which I've installed. Plus I don't want to have a huge pain in the ass trying to get the server developers to set up a server with all of the dependencies and stuff of the normal bcrypt.

When encrypting the password I was using this.password which was undefined. I needed to use user.password to get the current password.

    bcrypt.hash(user.password, null, null, function(err, hash) {
        if (err) return fn(err);
        user.password = hash;
        fn();
    });
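
The failure described in the answer above, reproduced as an added example that is not part of the original post: a hook that hashes `this.password` stores a hash of the wrong value, so the login check fails for the right password, while a strict hash step turns the same mistake into an error at signup. Assumptions: Node's built-in scrypt stands in for the bcrypt calls so the example runs without a native build, and `hashLoose`, `hashStrict`, `verify`, `buggyHook`, `fixedHook` and `signupThenLogin` are hypothetical names.

```javascript
const crypto = require('crypto');

// Stand-in for the page's bcrypt calls (assumption: scrypt from Node's standard
// library). Like the library in the question, it hashes whatever it is handed.
function hashLoose(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(String(password), salt, 32);
  return salt.toString('hex') + ':' + key.toString('hex');
}

function verify(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  const key = crypto.scryptSync(String(password), Buffer.from(saltHex, 'hex'), 32);
  return crypto.timingSafeEqual(key, Buffer.from(keyHex, 'hex'));
}

// Hardened hash step: a wrong reference fails at signup, not silently at login.
function hashStrict(password) {
  if (typeof password !== 'string' || password.length === 0) {
    throw new TypeError('password must be a non-empty string');
  }
  return hashLoose(password);
}

// Hook as in the question: invoked as a plain function, so `this` is not the
// user instance and the value handed to the hash is undefined.
function buggyHook(user, hash) {
  const self = this || {};
  user.password = hash(self.password);
}

// Hook as in the answer: read the plaintext from the instance passed in.
function fixedHook(user, hash) {
  user.password = hash(user.password);
}

// Constructed sample account: run the hook, then check the same plaintext.
function signupThenLogin(hook, hash, plaintext) {
  const user = { username: 'alice', password: plaintext };
  hook(user, hash);
  return verify(plaintext, user.password);
}

console.log(signupThenLogin(buggyHook, hashLoose, 'correct horse')); // false
console.log(signupThenLogin(fixedHook, hashStrict, 'correct horse')); // true
```
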

You're not actually passing the password to the verifyPassword function.

    user.verifyPassword(password, function(err, isMatch) {
        ...             ^^^^^^^^
    });

That password variable isn't actually defined. When you are in the .then() function you have access to the object that is returned from the database, whether it is a single result or a result set.

    user.verifyPassword(user.password, function(err, isMatch) { ... });
                        ^^^^^^^^^^^^^

You'll have to access the data inside the object that you get back from the .findAll() query.

Hope this helps.